A blank username should never be allowed.

2010-03-10 03:39:05 +00:00 · 2010-03-10 03:39:05 +00:00 · 7f2253759c
commit 7f2253759c
parent 60e0f04261
2 changed files with 6 additions and 1 deletions
--- a/lib/apiauth.php
+++ b/lib/apiauth.php
@ -241,7 +241,7 @@ class ApiAuthAction extends ApiAction
            $realm = common_config('site', 'name') . ' API';
        }

-        if (!isset($this->auth_user_nickname) && $required) {
+        if (empty($this->auth_user_nickname) && $required) {
            header('WWW-Authenticate: Basic realm="' . $realm . '"');

            // show error if the user clicks 'cancel'
--- a/lib/util.php
+++ b/lib/util.php
@ -159,6 +159,11 @@ function common_munge_password($password, $id)

 function common_check_user($nickname, $password)
 {
+    // empty nickname always unacceptable
+    if (empty($nickname)) {
+        return false;
+    }
+
    $authenticatedUser = false;

    if (Event::handle('StartCheckPassword', array($nickname, $password, &$authenticatedUser))) {